最終Jenkins流水線各步驟分解
Jenkins+Springboot+gitlab+maven+jdk+docker
目錄
- 安裝苍匆、運行jenkins
http://www.reibang.com/p/42e2771dcc94 - 編寫Jenkinsfile,Dockerfile,Deploy.sh
- 創(chuàng)建jenkins流水線工程
多模塊maven項目結構大概如下:
cfw-project #父工程
-canfu-eureka #子工程(1)
-canfu-provider #子工程(2)
-canfu-supplier #子工程(n)
-src
-pom.xml
-pom.xml
-Dockerfile_config #存放各子工程Dockerfile
-Deploy.sh #遠程部署腳本
1、編寫Jenkinsfile,Dockerfile,Deploy.sh
編寫聲明式Jenkinsfile
- 步驟大概為:(1)打印變量信息;(2)從源碼庫拉取對應分支代碼到"${WORKSPACE}";(3)maven編譯、打包;(4)將jar包構建成docker鏡像;(5)觸發(fā)部署腳本(Deploy.sh )實施遠程部署/重啟/回滾灾锯;(6)清理工作目錄
pipeline {
agent any
environment {
registryUrl= "192.168.1.110:5000" //搭建docker私有倉庫(Harbor)或者 用DockerHub 又或者用云平臺的“容器鏡像服務”
registry_user= "xxx"
registry_pass= "xxx"
}
options {
timestamps() //設置在項目打印日志時帶上對應時間
disableConcurrentBuilds() //不允許同時執(zhí)行流水線,被用來防止同時訪問共享資源等
timeout(time: 5, unit: 'MINUTES') // 設置流水線運行超過n分鐘嗅榕,Jenkins將中止流水線
buildDiscarder(logRotator(numToKeepStr: '20')) // 表示保留n次構建歷史
}
//gitlab webhook觸發(fā)器
//聚合項目顺饮,代碼發(fā)生以下動作后,所有子項目將被觸發(fā)構建,可選擇使用(前提需要gitlab配置 webhook)
//triggers{ //方法一凌那,為All時
// gitlab( triggerOnPush: true, //代碼有push動作就會觸發(fā)job
// triggerOnMergeRequest: true, //代碼有merge動作就會觸發(fā)job
// branchFilterType: "All") //為All時(只有符合條件的分支才會觸發(fā)構建 “All/NameBasedFilter/RegexBasedFilter”)
//}
//triggers{ //方法二兼雄,為branchFilterType時
// gitlab( triggerOnPush: true,
// triggerOnMergeRequest: true,
// branchFilterType: "branchFilterType", //為branchFilterType時
// includeBranchesSpec: "dev") //基于branchFilterType值,輸入期望包括的分支的規(guī)則
//}
stages{
stage('Print Message') { //打印信息
steps {
echo '打印信息'
echo "Project_Pipeline_name: ${JOB_NAME}"
echo "Project_module_name: ${PROJECT_NAME}"
echo "workspace: ${WORKSPACE}"
echo "branch: ${Branch_name}" //gitlab分支名
echo "build_id: ${BUILD_ID}"
echo "target_action: ${action}"
echo "registryUrl: ${registryUrl}"
echo "image_repository: ${registryUrl}/${Project_name}"
}
}
//此步驟在調試Jenkinsfile時可以注釋以便了解目錄結構
stage('Delete Workspace') { //清理工作目錄
steps {
echo "清理工作目錄: ${WORKSPACE}"
deleteDir() //表示刪除當前目錄(${WORKSPACE})下內容帽蝶,通常用在構建完畢之后清空工作空間
}
}
stage ('Checkout'){ //拉取代碼
steps{
echo '拉取代碼'
script {
if ( action == 'deploy' ) { //判斷當action == 'deploy' 時赦肋,才執(zhí)行此stage
checkout([$class: 'GitSCM', branches: [[name: '${Branch_name}']], doGenerateSubmoduleConfigurations: false, extensions: [], submoduleCfg: [],
userRemoteConfigs: [[credentialsId: '7ff3778d-124f-40b1-a5e6-05d600a7e59e', //gitlab登錄令牌,如何設置自行搜索方法
url: 'http://192.168.1.110/java/pipeline-project.git']]]) //gitlab項目clone地址
}
}
}
}
stage('Packaging project') { //mvn打包
steps {
echo 'mvn打包子項目'
script {
if ( action == 'deploy' ) {
sh 'source /etc/profile && mvn clean package -pl ${Project_name} -am -amd -P${Branch_name} -Dmaven.test.skip=true'
//“-pl”指定子項目名稱 励稳; “-P”指定使用哪個環(huán)節(jié)的配置文件(-Ptest即表示使用文件application-test.yml配置文件打包)
}
}
}
}
stage('Build & Push Image to Harbor') { //構建佃乘,推送鏡像
steps {
echo '構建,推送鏡像到docker鏡像倉庫'
dir ('./') { //指定工作目錄(默認為${WORKSPACE})
script {
if ( action == 'deploy' ) {
//方法一:
//sh 'docker login --username=${registry_user} --password=${registry_pass} ${registryUrl}'
//sh 'cp ${Project_name}/target/*.jar ./'
//sh 'docker build -t ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID} -f ./Dockerfile_config/${Project_name}/Dockerfile . '
//sh 'docker push ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID}'
//方法二:
sh 'docker login --username=${registry_user} --password=${registry_pass} ${registryUrl}'
sh 'cp ${Project_name}/target/*.jar ./ '
def app = docker.build('${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID} -f ./Dockerfile_config/${Project_name}/Dockerfile')
app.push('${Branch_name}-${BUILD_ID}')
//sh 'docker rmi ${registryUrl}/${Project_name}:${Branch_name}-${BUILD_ID}'
}
}
}
}
}
stage('Deploy to the Target server') { //部署到目標服務器($action == deploy/restart/rollback)
steps {
echo '部署到目標服務器'
script {
timeout(time: 40, unit: 'SECONDS') { // 設置遠程部署超過n秒驹尼,將終止該步驟
sh 'bash ./Deploy.sh ${Project_name} ${registryUrl}/${Project_name}:${Branch_name} ${Branch_name} ${action} ${BUILD_ID} ${rollback_id}' //${1,2,3,4,5,6}
}
}
}
}
}
編寫各子項目Dockerfile
FROM java:latest
LABEL maintainer="qiujt <qiujt123@163.com>"
ADD canfu-admin/target/canfu-supplier-0.0.1-SNAPSHOT.jar canfu-supplier.jar
EXPOSE 8096
ENTRYPOINT ["java","-jar","-Xms512m","-Xmx1024m","-XX:PermSize=512M","-XX:MaxPermSize=1024M","/canfu-supplier.jar"]
- FROM 指定基礎鏡像趣避,并且必須是第一條指令。(可以選擇更小的鏡像openjdk:8-jdk-alpine新翎,不過一些后臺項目驗證碼圖片會出不來鹅巍,慎用)
- LABEL MAINTAINER 指定維護者信息 語法:LABEL maintainer=" user_name <user_email>"
- ADD 將宿主機目錄下的文件拷貝進鏡像且 ADD 命令會自動處理 URL 和解壓 tar 壓縮包
- EXPOSE 當前容器對外暴露出的端口
- ENTRYPOINT:指定一個容器啟動時要運行的命令,ENTRYPOINT 的目的和 CMD 一樣料祠,都是在指定容器啟動程序及參數(shù)
編寫啟動腳本Deploy.sh
#!/bin/bash
#ENV
#docker私有倉庫(Harbor)
registryUrl=192.168.1.110:5000
registry_user="xxx"
registry_pass="xxx"
project_name=$1
image_name=$2-${6:-$5} #表示$6缺省值為$5;$6非空僅用于回滾操作)
env=$3
action=$4
build_id=$5
rollback_id=$6
node_user=root
if [ "${env}" == test ];then
#測試環(huán)境
node1=192.168.1.105
elif [ "${env}" == master ];then
#生產環(huán)境
node1=192.168.1.106
else
echo '沒有${env}環(huán)境E煨摺K枵馈!'
fi
#Prepare
echo "project_name: $1 , image_name: $2-${6:-$5} 妆绞, env: $3 , action: $4 , build_id: $5 , rollback_id: $6"
#觸發(fā)動作
case $action in
deploy | rollback)
echo "The service is deployed in $node1"
ssh $node_user@$node1 "docker login --username=${registry_user} --password=${registry_pass} ${registryUrl} && docker pull $image_name && docker rm -f $project_name || true && docker run -itd --name=$project_name --restart=always -e TZ="Asia/Shanghai" --net=host -v /home/dev/logs/$project_name:/data/logs/$project_name $image_name && docker image prune -a -f --filter 'until=1h'"
;;
restart)
echo "The service is restarted in $node1"
ssh $node_user@$node1 "docker restart ${project_name} && tailf /home/dev/logs/$project_name/${project_name}.log"
;;
*)
echo 'Please select the correct trigger action:"deploy/rollback/restart"'
;;
esac
解釋:
docker login:登錄docker私有倉庫
docker pull && docker rm:服務器拉取對應鏡像顺呕;判斷容器是否存在,如果存在就結束容器,否則跳過
docker run:基于鏡像創(chuàng)建容器括饶。
--restart=always:當 Docker進程重啟后株茶,容器自動啟動;
--net=host:指定容器網(wǎng)絡模式為host图焰,即容器暴露的端口启盛,宿主機就是什么端口;
-e TZ="Asia/Shanghai" :定義容器使用時區(qū);
-v:將子項目日志目錄從容器里映射到宿主機(視個人項目情況變更)僵闯。docker image prune:刪除1小時前拉取的卧抗、并且未被使用的鏡像
補充:由于定義的Jenkinsfile部署階段需要在目標服務器(例如:192.168.1.105)上執(zhí)行操作,因此需要配置通過ssh連接鳖粟。
(1)首先需要在Jenkins容器里面生成ssh的公鑰密鑰社裆;
docker exec -it jenkins /bin/bash -c 'ssh-keygen -C "root@jenkins"'
(2)然后復制jenkins容器的公鑰(/root/.ssh/id_rsa.pub)文件內容到目標服務器的/root/.ssh/authorized_keys文件中(使用ssh-copy-id命令)。
- 注意第一次連接目標服務器會提示一個交互動作(提示輸入“yes”或者“no”)
[root@tools-env-101 ~]# docker exec -it jenkins /bin/bash -c "ssh-copy-id 192.168.1.105"
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.1.105 (192.168.1.105)' can't be established.
ECDSA key fingerprint is SHA256:/2CklRXsExQNpBUr08qN6jqbx6wBkYceC/IShzwAemk.
Are you sure you want to continue connecting (yes/no)? yes #提示交互動作向图,此處輸入“yes”繼續(xù)操作
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.1.105's password: #輸入目標服務器ssh用戶登錄密碼(默認用戶root)
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '192.168.1.105'"
and check to make sure that only the key(s) you wanted were added.
[root@tools-env-101 ~]# docker exec -it jenkins /bin/bash -c "ssh 192.168.1.105" #成功免密登錄目標服務器
Last login: Wed Nov 18 12:11:38 2020 from 192.168.1.186
[root@test-env-105 ~]#
-
( 要避開上面提到的交互動作(輸入“yes”或者“no”)泳秀,還有下面一種方法:
將目標服務器/etc/ssh/ssh_config里面的“StrictHostKeyChecking ask”改為“StrictHostKeyChecking no”,重啟ssh服務即可榄攀。
2嗜傅、創(chuàng)建jenkins流水線工程
配置選項參數(shù)01
配置選項參數(shù)02
放置Jenkinsfile
選擇參數(shù)觸發(fā)構建
成功構建,查看操作日志
